
Two Networks in the same VLAN? Is it possible?

From a technical perspective, it seems like it would be simple to do. Create a new self-IP from a new subnet, but just assign it in the same VLAN and have your servers set their default GW to that self-IP. The only issue I'm running into now is getting the servers from the old network to talk to the new.

I have static routes built out on the OEs, but wasn't sure if there were any additional configurations that were needed on the F5.

Thanks

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi anesler,
if your BIG-IP is used as a router to handle traffic for servers in different IP ranges it will be necessary to configure forwarding virtual servers.
These will be network virtual servers of type "Forwarding IP", port "any", protocol "any" with fastL4 profile assigned.
The destination network will be specified as the network and mask and that's it.
Two of these virtual servers will be required to handle bi-directional traffic.
SNAT will not be necessary in my opinion, as the responses to the "remote" network will be sent to the default gateway (represented by the floating self IP on VLAN).
This setup can be improved by defining service specific virtual servers i.e. to handle long lasting sessions with specific profiles assigned or i.e. DNS traffic with a virtual server on UDP/53 with a udp_gtm_dns profile assigned.
Thanks, Stephan

0
Comments on this Answer
Comment made 10-Feb-2015 by anesler 1
Stephan, I appreciate the feedback. However, I am puzzled as to why the F5 can't make out that the two networks reside in the same VLAN? So what you're saying is, if "Server A" resides in VLAN xyz and "Server B" resides in VLAN xyz... they can't talk to each other AT ALL without the use of new virtual servers?
0
Comment made 10-Feb-2015 by Stephan Manthey 3803
Hi anesler, if server A and server B belong to different IP networks they need to direct traffic to hosts in remote networks to their default gateway. The floating self IPs (belonging to the address ranges in use) on this VLAN will be used as default gateway. By default the BIG-IP will not forward traffic without a virtual server. That's why virtual servers (type network in mode forwarding IP) will be required to forward traffic between the different IP networks. It's more or less the same story as with a router having secondary IP addresses on an interface. It will route the traffic by default. The BIG-IP does not forward traffic until a listener (virtual server) is defined. In some TMOS versions a so-called default SNAT was providing this functionality as well and I never figured out if this was by design or due to a bug. That's why I strictly avoid using these default SNATs (configured as SNAT List objects) and apply SNATpools or SNAT AutoMap via virtual server settings or via iRule. I hope this answered your question. Thanks, Stephan
1
Comment made 10-Feb-2015 by anesler 1
Stephan, I think I see what you are saying. The F5 needs to know how to handle the request and listen on some type of service. So after an "IP Forwarding Virtual Server" is defined with the destination network address/mask of the NEW network, does it become active? How does the F5 know how to handle the particular traffic at that point? Once again... I greatly appreciate the assistance and fast feedback!
0
Comment made 10-Feb-2015 by Stephan Manthey 3803
Hi anesler, yes, that's the point. A virtual server is defined as a host IP or a network. In addition you specify the transport protocol and the service port. (It can be all protocols and a wildcard port of "0" as well.) The virtual server typically forwards traffic to a pool by applying destination NAT. But in a case like this you set it to mode "Forwarding IP" and it simply routes the incoming packets that fit to the definitions (destination IP, protocol, port and VLAN where the virtual server is enabled on). When selecting a network virtual server, destination NAT is disabled by default. Thanks, Stephan
0
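The two forwarding virtual servers described in the answer above, written out as tmsh commands. This is an added example, not part of the original thread; the subnets 10.10.10.0/24 (old) and 10.10.20.0/24 (new), the VLAN object name `vlan_xyz` and the virtual server names are assumptions.

```tmsh
# Constructed values (assumptions, not from the thread):
#   old subnet 10.10.10.0/24, new subnet 10.10.20.0/24, VLAN object "vlan_xyz"

# Listener for connections initiated from the old subnet toward the new subnet.
#   ip-forward             type "Forwarding (IP)": route the packet, no pool, no NAT
#   :any + ip-protocol any all ports and all protocols, as in the answer
#   profiles fastL4        the profile named in the answer
#   vlans-enabled + vlans  listen only on the shared VLAN, not on every VLAN
create ltm virtual vs_fwd_old_to_new destination 10.10.20.0:any mask 255.255.255.0 ip-forward ip-protocol any profiles add { fastL4 } vlans-enabled vlans add { vlan_xyz }

# Second listener for connections initiated from the new subnet toward the old one.
create ltm virtual vs_fwd_new_to_old destination 10.10.10.0:any mask 255.255.255.0 ip-forward ip-protocol any profiles add { fastL4 } vlans-enabled vlans add { vlan_xyz }

# Optional tightening, not mentioned in the thread: on TMOS versions that
# support the "source" property, limit each listener to the peer subnet so
# that it does not route for any other client that can reach the VLAN.
modify ltm virtual vs_fwd_old_to_new source 10.10.10.0/24
modify ltm virtual vs_fwd_new_to_old source 10.10.20.0/24

# Review the resulting objects and check that traffic is hitting them.
list ltm virtual vs_fwd_old_to_new
list ltm virtual vs_fwd_new_to_old
show ltm virtual vs_fwd_old_to_new
show ltm virtual vs_fwd_new_to_old

# Persist the change.
save sys config
```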
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yes, you can use two networks or two different subnets sharing the same VLAN ID; however, it is not recommended.

0
Comments on this Answer
Comment made 07-Feb-2015 by Mahmoud Eldeeb 781
Don't forget to mark the answer as the solution if you would, please.
0
Comment made 10-Feb-2015 by anesler 1
Can you elaborate on why this is not recommended?
0
Comment made 10-Feb-2015 by boneyard 5637
Can't speak for Mahmoud, but I do agree. You are adding complexity and with great chance on errors and difficult troubleshooting. If you don't have a very good need for this, don't do it.
0